001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.verify;
016    
017    import com.liferay.portal.NoSuchRoleException;
018    import com.liferay.portal.model.Group;
019    import com.liferay.portal.model.GroupConstants;
020    import com.liferay.portal.model.ResourceConstants;
021    import com.liferay.portal.model.Role;
022    import com.liferay.portal.model.RoleConstants;
023    import com.liferay.portal.security.permission.ActionKeys;
024    import com.liferay.portal.service.GroupLocalServiceUtil;
025    import com.liferay.portal.service.ResourcePermissionLocalServiceUtil;
026    import com.liferay.portal.service.RoleLocalServiceUtil;
027    import com.liferay.portal.util.PortalInstances;
028    
029    /**
030     * @author Brian Wing Shun Chan
031     */
032    public class VerifyRole extends VerifyProcess {
033    
034            protected void addViewSiteAdministrationPermission(Role role)
035                    throws Exception {
036    
037                    String name = Group.class.getName();
038    
039                    Group group = GroupLocalServiceUtil.getGroup(
040                            role.getCompanyId(), GroupConstants.USER_PERSONAL_SITE);
041    
042                    String primKey = String.valueOf(group.getGroupId());
043    
044                    if (!ResourcePermissionLocalServiceUtil.hasResourcePermission(
045                                    role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
046                                    primKey, role.getRoleId(), ActionKeys.MANAGE_LAYOUTS) ||
047                            ResourcePermissionLocalServiceUtil.hasResourcePermission(
048                                    role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP,
049                                    primKey, role.getRoleId(),
050                                    ActionKeys.VIEW_SITE_ADMINISTRATION)) {
051    
052                            return;
053                    }
054    
055                    ResourcePermissionLocalServiceUtil.addResourcePermission(
056                            role.getCompanyId(), name, ResourceConstants.SCOPE_GROUP, primKey,
057                            role.getRoleId(), ActionKeys.VIEW_SITE_ADMINISTRATION);
058            }
059    
060            protected void deleteImplicitAssociations(Role role) throws Exception {
061                    runSQL(
062                            "delete from UserGroupGroupRole where roleId = " +
063                                    role.getRoleId());
064                    runSQL("delete from UserGroupRole where roleId = " + role.getRoleId());
065            }
066    
067            @Override
068            protected void doVerify() throws Exception {
069                    long[] companyIds = PortalInstances.getCompanyIdsBySQL();
070    
071                    for (long companyId : companyIds) {
072                            RoleLocalServiceUtil.checkSystemRoles(companyId);
073    
074                            try {
075                                    Role organizationUserRole = RoleLocalServiceUtil.getRole(
076                                            companyId, RoleConstants.ORGANIZATION_USER);
077    
078                                    deleteImplicitAssociations(organizationUserRole);
079                            }
080                            catch (NoSuchRoleException nsre) {
081                            }
082    
083                            try {
084                                    Role powerUserRole = RoleLocalServiceUtil.getRole(
085                                            companyId, RoleConstants.POWER_USER);
086    
087                                    addViewSiteAdministrationPermission(powerUserRole);
088                            }
089                            catch (NoSuchRoleException nsre) {
090                            }
091    
092                            try {
093                                    Role siteMemberRole = RoleLocalServiceUtil.getRole(
094                                            companyId, RoleConstants.SITE_MEMBER);
095    
096                                    deleteImplicitAssociations(siteMemberRole);
097                            }
098                            catch (NoSuchRoleException nsre) {
099                            }
100                    }
101            }
102    
103    }